If you managed to brick your FS728TP with a bad firmware update, rollback, etc. this guide aggregates data found around the net. This process involves soldering, serial communications and some basic hardware knowledge. I do not take credit for the original work of discovering the datasheet or UART pins. This device uses a Marvel 88E6218-LG01 with UART p52 = Rx, p53 = Tx. U27 is similar to max232 chip, where p11 and p12 connect to the UART on the Marvel controller.
- Netgear FS728TPv1 Firmware
- You will need the 5.0.0.7 Package for the boot rom and the 5.0.0.8 for the latest firmware
- Hyperterminal, puttyplus or something that can send files via XMODEM
- Soldering Iron
- FTDI breakout board or cable
Being by unplugging everything and opening the case of the FS728TPv1. Once open, find U27. It will be near the back of the board, J8, the MARVELL controller, and may be under the MAC sticker. Find the pins 11 and 12 as shown in the photo. Solder a wire to each of these pins and connect them to the RX and TX pins of your FTDI cable or board. Be sure to also connect GND to a sutable location, such as a screw on the board.
WARNING: LETHAL VOLTAGE Cover the power supply with a piece of plexiglass, FR4 or other non-conductive material to protect yourself from the mains power. Use electrical tape to hold it in place. This will also act as an air duct to keep the PSU cool while the case is off.
With the FTDI chip connected to your PC, open a serial session using:
- baudrate = 38400, data bits = 8, parity = none, stop bits = 1, flow control = none
Now, boot the switch. If nothing happens, try switching your RX/TX wires. If successful, you will be presented with a screen that
says Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom. Press RETURN or Esc.
The following menu will show in the terminal:
- 1 = software download
- 2 = flash file Erase
- 3 = diagnostic mode
- 4 = password recovery procedure entry
- 5 = Set baudrate terminal
- 6 = back
Select option 1 to flash the firmware files.
For this step, I used hyperterminal. Any other terminal with XMODEM file capabilities should work.
If you need to flash the BOOT CODE, flash frimware 3.0.0.22 first. This will take about 25-30 minutes. This will reenable the web interface and allow you to flash the BOOT CODE 1.0.0.5 and FIRMWARE 5.0.0.8 from the web interface or Smartwizard Discovery.
If you already have the 1.0.0.5 BOOT CODE, instead flash 5.0.0.8 FIRMWARE. This will take about 25-30 minutes.
When the firmware has been flashed successfully, reboot the device. You should see system tests PASS and Decompressing SW from image-1.
Congratulations, you have unbricked your switch.
